I just released a vulnerability last night so hopefully the security
team considers it worthy of a DSA. How long does it usually take for a
DSA to be created and released?
What is everyones thoughts on creating proof of concept. I realize it
can be a good thing or a bad thing. I like making POC for the majority
of the flaws I find just to prove to myself its actually exploitable. I
do realize that even if its not exploitable in most cases the code
should be changed or atleast thats my feelings. If it looks vulnerable
it probably is and if it isn't it may become vulnerable later on due to
library changes or other external changes.
--David D. Rude II
bannedit@xxxxxxxxxxxxxxx
|
